Wired publishes documents detailing the FBI's spyware

Wired's Kevin Poulsen has pried loose details about the FBI's homebrew spyware, used in criminal investigations. The document is redacted almost to the point of uselessness, but there are some interesting nuggets. Paul Ohm, who used to work at CCIPS (the Justice Department's Computer Crime and Intellectual Property Section, which advised the FBI on the use of this spyware), notes:

Page one may be the most interesting page. Someone at CCIPS, my old unit, cautions that "While the technique is of indisputable value in certain kinds of cases, we are seeing indications that it is being used needlessly by some agencies, unnecessarily raising difficult legal questions (and a risk of suppression) without any countervailing benefit."

...

On page 152, the FBI's Cryptographic and Electronic Analysis Unit (CEAU) "advised Pittsburgh that they could assist with a wireless hack to obtain a file tree, but not the hard drive content." This is fascinating on several levels. First, what wireless hack? The spyware techniques described in Poulsen's reporting are deployed when a target is unlocatable, and the FBI tricks him or her into clicking a link. How does wireless enter the picture? Don't you need to be physically proximate to your target to hack them wirelessly? Second, why could CEAU "assist . . . to obtain a file tree, but not the hard drive content." That smells like a legal constraint, not a technical one. Maybe some lawyer was making distinctions based on probable cause?

And the FBI are in your computer looking for... kiddie porn? State secrets? What else could they be looking for?

It's probably a thin book, those cases where this tech has actually provided evidence that could be introduced in a court of law. My guess: only in cases where the possession of that info (kiddie porn only, AFAIK: is the mere possession of "classified" info an imprisonable crime in the USA?), without anything more, is enough to get you a long stretch in jail.

Interesting... according to this, you get infected with the FBI spyware by clicking a link. This would seem to rely on specific vulnerabilities in specific browsers; that is, Internet Explorer. And even then, only versions of Internet Explorer in which the vulnerability hasn't yet been patched. It could also be an ActiveX control that a page tricks you into running, but again, that requires IE.

I'm not buying it. In the six hundred other pages of documentation that weren't released at all, I'm sure there's information about other attack vectors. I can't imagine the FBI being helpless against anyone who does something as trivial as using Firefox or keeping IE updated with the latest patches.

I'd fully expect this kind of software to use every known remote code execution vulnerability in Windows, and maybe a few that aren't yet publicly known.

Eh. People get worked up about this kind of "emerging secrets" stuff, but the more mundane, well-documented programs and capabilities such as CALEA are far more worrying, if you're familiar with what something like CALEA can do.

Call it “wiretapping” but that implies cutting into a wire with some alligator clips and attached gadgets in some basement somewhere.

With CALEA, the FBI can themselves just call up a live copy of your phone traffic and send it into their offices.

Do they need a warrant? Well, they probably get one only after they find that there are interesting things going on that are worth making an arrest for.

With the NSA, they scoop up huge volumes of traffic and then have computers search for the interesting bits. If they have ever bothered getting warrants, etc., they probably do so only in those rare cases when they will have to make it obvious to the public that they were listening.